Identity Verification Gains Ground as AI Reshapes Authentication Risks

/ AI, Cyber Security

The News

HYPR released its 2026 State of Passwordless Identity Assurance report, revealing that Generative AI (53%) and Agentic AI (45%) have overtaken stolen credentials as the top identity security concern for organizations. The report, produced with 451 Research from S&P Global, finds that enterprises are increasingly adopting identity verification (IDV) to address AI-driven impersonation threats, even as enterprise-wide passwordless adoption has stalled at 43%.

Analysis

AI-Driven Identity Attacks Are Changing the Security Landscape

Identity security is entering a new phase as attackers leverage AI to automate impersonation attacks, deepfakes, and credential harvesting at scale. While stolen passwords and phishing campaigns have long been central attack vectors, AI-enabled tools are now amplifying these threats by enabling attackers to generate convincing synthetic media and automate fraud campaigns.

The report highlights several indicators of this shift:

  • 87% of organizations report encountering audio or video deepfakes in identity-based attacks
  • 40% report AI voice cloning incidents targeting call centers
  • Identity impersonation incidents increased by 35%

These developments suggest that identity attacks are increasingly moving beyond simple credential theft toward synthetic identity manipulation and automated social engineering, forcing organizations to rethink how identity assurance is implemented across the enterprise.

Passwordless Progress Meets Enterprise Implementation Challenges

Despite growing awareness of passwordless authentication methods such as passkeys, enterprise adoption remains uneven. The report shows passkey literacy rising to 64% among organizations, yet enterprise-wide adoption has plateaued at 43%.

Several factors appear to be slowing deployment:

  • Legacy identity infrastructure still heavily dependent on passwords
  • Organizational challenges in scaling authentication changes across large workforces
  • Integration complexity across identity and access management systems

At the same time, organizations appear to be shifting toward identity verification (IDV) as a complementary control. While 65% of enterprises report deploying IDV, most implementations remain limited to small portions of the workforce.

For developers and security architects, this reflects a broader challenge: modern identity security requires coordination across authentication systems, onboarding workflows, and operational processes rather than simply replacing passwords with passkeys.

Market Challenges and Insights

The report also highlights the growing velocity of AI-enabled attacks. While 65% of identity-based attacks are detected within hours, automated attack workflows can exfiltrate data before human response teams can intervene.

This acceleration is contributing to a reactive spending cycle. The report notes that 59% of organizations increase security budgets only after a breach, often prioritizing identity verification and multi-factor authentication afterward.

These dynamics mirror broader security trends seen across cloud-native development environments. Research shows 41.3% of organizations say faster CI/CD cycles increase vulnerability risk, while 47.2% report experiencing breaches linked to cloud-native applications.

As software delivery speeds increase and identity systems become more distributed, identity assurance is becoming a foundational component of enterprise security architecture.

What This Means for Developers and Security Teams

For developers and platform teams, identity security is evolving from a login mechanism into a continuous identity assurance framework. Instead of verifying identity only at sign-in, organizations may increasingly rely on ongoing verification processes tied to onboarding, device trust, behavioral signals, and access context.

This shift may drive increased adoption of:

  • Passwordless authentication and passkeys
  • Identity verification workflows
  • Risk-based authentication and adaptive access controls
  • Automated identity lifecycle management

For application developers, these capabilities will increasingly need to integrate directly into authentication services, identity providers, and developer platforms.

Looking Ahead

The HYPR report suggests that identity security is entering a period of rapid transformation driven by AI-powered threats and synthetic identity risks. While passwordless authentication remains a strategic goal for many organizations, scaling those systems across the enterprise remains a work in progress.

In the near term, identity verification is likely to play a growing role in bridging this gap. As AI-driven impersonation techniques become more sophisticated, enterprises may increasingly rely on layered identity assurance models that combine authentication, verification, and behavioral risk analysis to protect access across modern application environments.

Author

  • With over 15 years of hands-on experience in operations roles across legal, financial, and technology sectors, Sam Weston brings deep expertise in the systems that power modern enterprises such as ERP, CRM, HCM, CX, and beyond. Her career has spanned the full spectrum of enterprise applications, from optimizing business processes and managing platforms to leading digital transformation initiatives.

    Sam has transitioned her expertise into the analyst arena, focusing on enterprise applications and the evolving role they play in business productivity and transformation. She provides independent insights that bridge technology capabilities with business outcomes, helping organizations and vendors alike navigate a changing enterprise software landscape.

    View all posts